Skip site navigation (1) Skip section navigation (2)

Re: Encrypting pg_shadow passwords

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Jim Mercer <jim(at)reptiles(dot)org>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Encrypting pg_shadow passwords
Date: 2001-06-26 04:56:04
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
> On Tue, Jun 26, 2001 at 12:20:40AM -0400, Bruce Momjian wrote:
> > We will do double-crypt and everyone will be happy, right?
> > 
> > > if the API as above existed, then i would be happy to see "password" go away
> > > (although it should be depreciated to a --enable option, otherwise you are
> > > going to ruin a bunch of existing code).
> > 
> > Who is using it?  We can continue to allow it but at some point there is
> > no purpose to it unless you have clients that are pre-7.2.  Double-crypt
> > removes the use for it, no?
> if the API allows a plain text password, and compares agains a cyrtpo-pg_shadow
> i would imagine that would be fine.
> at this point i should apologize for possibly arguing out of turn.
> if 7.2 has the above, that is cool.
> i'm sorta hoping my mods can make it into 7.1.3, if there is one.

Not a chance.  Only major bug fixes in 7.1.X.

  Bruce Momjian                        |
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

In response to

pgsql-hackers by date

Next:From: Tatsuo IshiiDate: 2001-06-26 08:53:04
Subject: Re: stuck spin lock with many concurrent users
Previous:From: Jim MercerDate: 2001-06-26 04:51:21
Subject: Re: Encrypting pg_shadow passwords

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group